Manage API Keys for Provisioning Endpoint Devices
Cisco Secure Access supports the management of Microsoft Active Directory (AD) endpoint devices in Secure Access through the Cisco Secure Access Identity Endpoints API. For more information, see Cisco Secure Access Identity Endpoints API.
You can also provision users, groups, and endpoint devices by uploading AD identities in comma-separated values (CSV) files. For information about uploading CSV files to Secure Access, see Import Users and Groups from CSV File and Provision a Machine Tunnel User.
Table of Contents
Guidelines
- For general information about adding, refreshing, or removing Secure Access API keys, see Manage API Keys.
- Generate an API key for provisioning endpoint devices in Secure Access on Connect > Users, Groups, and Endpoint Devices > Integrate Directories. Secure Access generates the API key with these attributes:
- The Deployments / Identities key scope and Read / Write permissions.
- You can add more API keys in Secure Access to manage the endpoint devices in the organization. Create and manage API keys on the Admin > API Keys page.
- A default expiry date of 90 days. You can modify the API key's expiry date at any time.
- A default key name of API Provisioning Key.
- The Deployments / Identities key scope and Read / Write permissions.
- Secure Access only displays the active endpoint devices in the organization. For more information, see View Endpoint Device Details.
- Use the Cisco Secure Access Identity Endpoints API to update an endpoint device in Secure Access. For more information, see Cisco Secure Access Identity Endpoints API.
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
Procedure
- Add the API Key for Managing Endpoint Devices
- Refresh the API Key for Managing Endpoint Devices
- Delete API Keys
- View Details About Provisioned API Keys
- View Details for Endpoint Devices Provisioned with the API
- View Endpoint Devices
Add the API Key for Managing Endpoint Devices
Add an API key in Secure Access to manage the endpoint devices for the organization.
Note: You can add API keys with the Deployments / Identities key scope on the Admin > API Keys page in Secure Access.
-
Navigate to Connect > Users, Groups, and Endpoint Devices, and then click Configuration management.
-
On the Configurations tab, click Integrate directories.
-
For Provisioning Method, click Manual Upload, and then click Next.

-
On Integrate Directories, click the API tab.
-
Click Generate to add an API key and secret.
-
Copy the value of API Key and the value of Key Secret to your local environment.
-
Click Done.
Refresh the API Key for Managing Endpoint Devices
Refresh the API key used to manage the endpoint devices in Secure Access.
Note: You can refresh any API keys that you added in the organization on the Admin > API Keys page in Secure Access.
-
Navigate to Connect > Users, Groups, and Endpoint Devices, and then click Configuration management.
-
On the Configurations tab, click Integrate directories.
-
For Provisioning Method, click Manual Upload, and then click Next.
-
On Integrate Directories, click the API tab.
-
Expand an API key, and then click Refresh key.
-
Copy the value of API Key and the value of Key Secret to your local environment.
-
Click Done.
Delete API Keys
To remove the API keys that you added in Secure Access, navigate to Admin > API Keys and delete the keys. For more information, see Manage API Keys.
View Details About Provisioned API Keys
Note: You can view all API keys added in the organization on the Admin > API Keys page in Secure Access. For more information, see Manage API Keys.
-
Navigate to Connect > Users, Groups, and Endpoint Devices, and then click Configuration management.
-
On the Configurations tab, click Integrate directories.
-
For Provisioning Method, click Manual Upload, and then click Next.
-
Navigate to Integrate Directories, and then click on the API tab.
-
Secure Access displays the list of API keys in the organization configured with the Deployments/identities key scope and Read/Write key permissions.
-
Expand an API key to view the key details.
View Details for Endpoint Devices Provisioned with the API
Note: Secure Access only displays the API Provisioned component if the organization provisioned an API key for managing the endpoint devices.
-
Navigate to Connect > Users, Groups, and Endpoint Devices, and then click Configuration management.
-
On the Configurations tab, navigate to Directories, and then expand the API Provisioned component.
Secure Access displays the number of endpoint devices that the organization provisioned with the Cisco Secure Access Identity Endpoints API.
View Endpoint Devices
You can view the details about the endpoint devices in Secure Access. For more information, see View Endpoint Device Details.
- Navigate to Connect > Users, Groups, and Endpoint Devices, and then click on the Endpoint Devices tab.

Import Users and Groups from CSV File < Manage API Keys for Provisioning Endpoint Devices > Manage Active Directory Integration
Updated 4 days ago